Racco42

Locky "flight tickets"

Aug 31st, 2016
2016-08-31 #locky email phishing campaign "flight tickets"

Email sample (sender address varies):
--------------------------------------------------------------------------------------------------
From: "Savannah Grimes"
To: [REDACTED]
Subject: flight tickets

Good evening [REDACTED].

I am sending you the flight tickets for your business conference abroad next month.
Please see the attached and note the date and time.

Respectfully,
Savannah Grimes
--------------------------------------------------------------------------------------------------
Attached file "[random chars].zip" contains file "[8 random hexachars]_flight_tickets.js"; a JScript downloader

Downloads:

Malware encoded on download, filesize 161796 bytes:

https://www.reverse.it/sample/166fa4279164f2f882ba546c9af03f2068aa74fa7f4cfc2d615e6f294e6ab3a2?environmentId=100
https://www.reverse.it/sample/9ce5bb33e85a68ab0a45b0925e32789300ea4ebf204322c87c23bcdaca55e71f?environmentId=100
https://www.reverse.it/sample/923cd4e7f01e160374b97fe33a9c364938ef52555bea7e391b8443acf3449343?environmentId=100
https://www.reverse.it/sample/e4faa0ec1c9a58c48b2f80721b49635571bb6a0d6f122001616468d7be001161?environmentId=100
https://www.reverse.it/sample/d3b8e7964136e41180f546eae1254b94f6c5de7f7fafde3f668b96a7b23f2116?environmentId=100

C2: